toro
October 24, 2020, 4:07pm
1
Hi, I recently installed OpenWrt on a Netgear R7800 router and it's been working great with the exception of 1 issue.
I have an older iPad (on iOS 12.4.8) and it can only connect to the network without internet for some reason. All other devices work great.
Here is what the log looks like when connecting the iPad.
Sat Oct 24 15:59:42 2020 daemon.info hostapd: wlan1: STA 5c:f7:e6:56:fd:29 IEEE 802.11: authenticated
Sat Oct 24 15:59:42 2020 daemon.info hostapd: wlan1: STA 5c:f7:e6:56:fd:29 IEEE 802.11: associated (aid 5)
Sat Oct 24 15:59:42 2020 daemon.notice hostapd: wlan1: AP-STA-CONNECTED 5c:f7:e6:56:fd:29
Sat Oct 24 15:59:42 2020 daemon.info hostapd: wlan1: STA 5c:f7:e6:56:fd:29 WPA: pairwise key handshake completed (RSN)
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 available DHCP range: 192.168.99.100 -- 192.168.99.249
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 client provides name: Garretts-iPad
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 DHCPREQUEST(br-lan) 192.168.99.233 5c:f7:e6:56:fd:29
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 tags: lan, br-lan
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 DHCPACK(br-lan) 192.168.99.233 5c:f7:e6:56:fd:29 iPad
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 requested options: 1:netmask, 121:classless-static-route, 3:router,
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 requested options: 6:dns-server, 15:domain-name, 119:domain-search,
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 requested options: 252
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 next server: 192.168.99.1
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 1 option: 53 message-type 5
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 54 server-identifier 192.168.99.1
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 51 lease-time 12h
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 58 T1 6h
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 59 T2 10h30m
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 1 netmask 255.255.255.0
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 28 broadcast 192.168.99.255
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 3 router 192.168.99.1
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 3 option: 15 domain-name lan
Sat Oct 24 15:59:42 2020 daemon.info dnsmasq-dhcp[3705]: 2217548210 sent size: 4 option: 6 dns-server 10.64.0.1
And here is what the wireless config looks like. I think the only changes I've made to the wireless config were based on suggestions I found prior to making this post (added option max_inactivity '3600' and option disassoc_low_ack '0').
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key '******'
option encryption 'psk2'
option max_inactivity '3600'
option disassoc_low_ack '0'
option dtim_period '3'
option ssid 'OpenWrt-5G'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option htmode 'HT20'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option key '*****'
option dtim_period '3'
option encryption 'psk2'
Appreciate any advice anyone may have. Thanks.
trendy
October 24, 2020, 5:43pm
2
It seems that the iPad is acquiring settings from DHCP successfully. Can you verify that on the connection manager of the iPad?
Can you do a ping/traceroute/nslookup from the iPad to verify what works and what doesn't?
Try the gateway IP 192.168.99.1, the DNS 10.64.0.1, 1.1.1.1 and openwrt.org.
2 Likes
toro
October 25, 2020, 4:06pm
3
Alright, here's what I've found. Let me know if this is enough information or if there are any more helpful diagnostics I can run. Thanks. I appreciate the help.
Gateway IP (192.168.99.1):
DNS (10.64.0.1):
Traceroute shows starting at 192.168.99.1 and then times out
1.1.1.1:
Ping Successful
Traceroute shows starting at 192.168.99.1 and ending in 1.1.1.1 in 12 steps
openwrt.org:
Ping failed
nslookup failed
Traceroute: hostname lookup failed
Check OpenWrt configuration:
uci show network; uci show firewall; uci show dhcp; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
ip address show; ip route show table all; ip rule show
2 Likes
toro
October 26, 2020, 5:11am
5
Output copied below. Let me know if you have a chance to take a look. Thanks.
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd36:67c5:b072::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth1.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.99.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 0t'
network.WGINTERFACE=interface
network.WGINTERFACE.proto='wireguard'
network.WGINTERFACE.private_key='***'
network.WGINTERFACE.addresses='*.*.*.*' '*.*.*.*'
network.@wireguard_WGINTERFACE[0]=wireguard_WGINTERFACE
network.@wireguard_WGINTERFACE[0].endpoint_port='51820'
network.@wireguard_WGINTERFACE[0].public_key='*****'
network.@wireguard_WGINTERFACE[0].allowed_ips='0.0.0.0/0'
network.@wireguard_WGINTERFACE[0].endpoint_host='*.*.*.*'
network.HOME_VPN=interface
network.HOME_VPN.proto='wireguard'
network.HOME_VPN.addresses='*.*.*.*'
network.HOME_VPN.private_key='*****'
network.@wireguard_HOME_VPN[0]=wireguard_HOME_VPN
network.@wireguard_HOME_VPN[0].public_key='*****'
network.@wireguard_HOME_VPN[0].endpoint_port='51820'
network.@wireguard_HOME_VPN[0].allowed_ips='0.0.0.0/0'
network.@wireguard_HOME_VPN[0].preshared_key='*****'
network.@wireguard_HOME_VPN[0].endpoint_host='*.*.*.*'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='WGZONE'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].network='WGINTERFACE HOME_VPN'
firewall.@zone[2]=zone
firewall.@zone[2].name='wan'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='WGZONE'
firewall.@forwarding[1].src='lan'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].server='10.64.0.1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.dhcp_option='6,10.64.0.1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
ip route get 10.64.0.1 from 192.168.99.1
1 Like
trendy
October 26, 2020, 5:23pm
7
The last line of commands was not executed.
2 Likes
toro
October 27, 2020, 12:03am
8
Sorry, full output below after using: ip route get 10.64.0.1 from 192.168.99.1. Running this command did not help unfortunately. Thanks again.
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd36:67c5:b072::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth1.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.99.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 0t'
network.WGINTERFACE=interface
network.WGINTERFACE.proto='wireguard'
network.WGINTERFACE.private_key='*****'
network.WGINTERFACE.addresses='10.66.232.41' '10.66.232.41/32'
network.@wireguard_WGINTERFACE[0]=wireguard_WGINTERFACE
network.@wireguard_WGINTERFACE[0].endpoint_port='51820'
network.@wireguard_WGINTERFACE[0].public_key='****'
network.@wireguard_WGINTERFACE[0].allowed_ips='0.0.0.0/0'
network.@wireguard_WGINTERFACE[0].endpoint_host='193.32.249.66'
network.HOME_VPN=interface
network.HOME_VPN.proto='wireguard'
network.HOME_VPN.addresses='*****'
network.HOME_VPN.private_key='*****'
network.@wireguard_HOME_VPN[0]=wireguard_HOME_VPN
network.@wireguard_HOME_VPN[0].public_key='*****'
network.@wireguard_HOME_VPN[0].endpoint_port='51820'
network.@wireguard_HOME_VPN[0].allowed_ips='0.0.0.0/0'
network.@wireguard_HOME_VPN[0].preshared_key='*****'
network.@wireguard_HOME_VPN[0].endpoint_host='*****'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='WGZONE'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].network='WGINTERFACE HOME_VPN'
firewall.@zone[2]=zone
firewall.@zone[2].name='wan'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='WGZONE'
firewall.@forwarding[1].src='lan'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].server='10.64.0.1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.dhcp_option='6,10.64.0.1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
nameserver 75.75.75.75
nameserver 75.75.76.76
search hsd1.ca.comcast.net.
head: /tmp/resolv.*/*: No such file or directory
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 9c:3d:cf:f1:47:ff brd ff:ff:ff:ff:ff:ff
inet6 fe80::9e3d:cfff:fef1:47ff/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 9c:3d:cf:f1:47:fe brd ff:ff:ff:ff:ff:ff
inet6 fe80::9e3d:cfff:fef1:47fe/64 scope link
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9c:3d:cf:f1:47:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.99.1/24 brd 192.168.99.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fd36:67c5:b072::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::9e3d:cfff:fef1:47fe/64 scope link
valid_lft forever preferred_lft forever
8: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether 9c:3d:cf:f1:47:fe brd ff:ff:ff:ff:ff:ff
9: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9c:3d:cf:f1:47:ff brd ff:ff:ff:ff:ff:ff
inet MYIP/21 brd 24.130.63.255 scope global eth0.2
valid_lft forever preferred_lft forever
inet6 fe80::9e3d:cfff:fef1:47ff/64 scope link
valid_lft forever preferred_lft forever
12: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether 9c:3d:cf:f1:48:01 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9e3d:cfff:fef1:4801/64 scope link
valid_lft forever preferred_lft forever
13: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether 9c:3d:cf:f1:48:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9e3d:cfff:fef1:4800/64 scope link
valid_lft forever preferred_lft forever
14: WGINTERFACE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.66.232.41/32 brd 255.255.255.255 scope global WGINTERFACE
valid_lft forever preferred_lft forever
15: HOME_VPN: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet VPNIP/24 brd 10.6.0.255 scope global HOME_VPN
valid_lft forever preferred_lft forever
default via 24.130.56.1 dev eth0.2 proto static src MYIP
VPNIP/24 dev HOME_VPN proto kernel scope link src VPNIP
24.23.183.102 via 24.130.56.1 dev eth0.2 proto static
24.130.56.0/21 dev eth0.2 proto kernel scope link src MYIP
192.168.99.0/24 dev br-lan proto kernel scope link src 192.168.99.1
193.32.249.66 via 24.130.56.1 dev eth0.2 proto static
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
It looks like you are missing a route for 10.64.0.1.
2 Likes
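The missing-route diagnosis above can be checked mechanically from the pasted output. The following is an added example, not code from any poster in this thread: it does a longest-prefix match of every DNS server advertised through DHCP option 6 against the main routing table and flags a private resolver that only matches the WAN default route. The function names are hypothetical, the route and DHCP lines are copied from the output posted above (MYIP/VPNIP are the poster's redactions), and only the main table is modelled, which matches the three default `ip rule` entries shown.

```python
import ipaddress
import re

# Main routing table as posted in the thread (MYIP/VPNIP are redactions).
ROUTES = """\
default via 24.130.56.1 dev eth0.2 proto static src MYIP
VPNIP/24 dev HOME_VPN proto kernel scope link src VPNIP
24.23.183.102 via 24.130.56.1 dev eth0.2 proto static
24.130.56.0/21 dev eth0.2 proto kernel scope link src MYIP
192.168.99.0/24 dev br-lan proto kernel scope link src 192.168.99.1
193.32.249.66 via 24.130.56.1 dev eth0.2 proto static
"""

# Relevant lines of `uci show dhcp` as posted in the thread.
DHCP = """\
dhcp.@dnsmasq[0].server='10.64.0.1'
dhcp.lan.dhcp_option='6,10.64.0.1'
"""


def parse_routes(text):
    """Return [(network, device)] from `ip route show`; skip redacted lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. the 'VPNIP/24' placeholder cannot be parsed
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match within one table; None when nothing matches."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def advertised_dns(uci_text):
    """DNS servers handed to clients via DHCP option 6 in `uci show dhcp`."""
    servers = []
    for line in uci_text.splitlines():
        key, _, value = line.partition("=")
        if not key.endswith(".dhcp_option"):
            continue
        for opt in re.findall(r"'([^']*)'", value):
            code, *args = opt.split(",")
            if code.strip() in ("6", "option:dns-server"):
                servers += [a.strip() for a in args]
    return servers


def check(routes_text, uci_text, wan_dev):
    """Return [(dns_ip, egress_device, verdict)] for each advertised resolver."""
    routes = parse_routes(routes_text)
    findings = []
    for dns in advertised_dns(uci_text):
        hit = lookup(routes, dns)
        if hit is None:
            findings.append((dns, None, "no route"))
        elif (ipaddress.ip_address(dns).is_private
              and hit[1] == wan_dev and hit[0].prefixlen == 0):
            findings.append(
                (dns, hit[1], "private resolver only reachable via WAN default route"))
        else:
            findings.append((dns, hit[1], "ok"))
    return findings


if __name__ == "__main__":
    for finding in check(ROUTES, DHCP, wan_dev="eth0.2"):
        print(finding)
```

With the thread's data the check reports 10.64.0.1 leaving through eth0.2, so DNS queries from any client that is not policy-routed into the tunnel go to the ISP gateway and are never answered.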
toro
October 27, 2020, 4:58am
10
Thank you. I finally realized how this happened. I apologize for my ignorance with this.
I used Mullvad's guide for setting up the VPN, and then used policy based routing to only route specific traffic. But Mullvad's guide forces all traffic through the DNS. For some reason, only the iPad was impacted.
What is the best way to forward traffic to 10.64.0.1 only if it is going to the interface: WGINTERFACE?
trendy
October 27, 2020, 8:59am
11
Most likely the other devices are Androids and use Google DNS as failover.
It isn't that trivial.
If you advertise the Mullvad nameserver from DHCP (as you do), then you should forward the traffic to the VPN.
Otherwise use tags to advertise it only to specific hosts and with VPN-PBR force these hosts to the VPN only.
2 Likes